diff --git a/policy-controller/k8s/index/src/inbound/index/grpc.rs b/policy-controller/k8s/index/src/inbound/index/grpc.rs index c650a27788934..b90a95ec56063 100644 --- a/policy-controller/k8s/index/src/inbound/index/grpc.rs +++ b/policy-controller/k8s/index/src/inbound/index/grpc.rs @@ -37,7 +37,7 @@ impl TryFrom for RouteBinding { let statuses = route .status - .map_or_else(Vec::new, |status| Status::collect_from_grpc(status)); + .map_or_else(Vec::new, Status::collect_from_grpc); Ok(RouteBinding { parents, diff --git a/policy-controller/k8s/index/src/inbound/index/http.rs b/policy-controller/k8s/index/src/inbound/index/http.rs index e63cef2bf93a7..e501bd3eb68e0 100644 --- a/policy-controller/k8s/index/src/inbound/index/http.rs +++ b/policy-controller/k8s/index/src/inbound/index/http.rs @@ -37,7 +37,7 @@ impl TryFrom for RouteBinding { let statuses = route .status - .map_or_else(Vec::new, |status| Status::collect_from_http(status)); + .map_or_else(Vec::new, Status::collect_from_http); Ok(RouteBinding { parents, diff --git a/policy-controller/k8s/index/src/outbound/index/grpc.rs b/policy-controller/k8s/index/src/outbound/index/grpc.rs index 1ed4473683ef3..6124a9981b2a1 100644 --- a/policy-controller/k8s/index/src/outbound/index/grpc.rs +++ b/policy-controller/k8s/index/src/outbound/index/grpc.rs @@ -165,7 +165,7 @@ pub(super) fn convert_backend( }; Some(Backend::Service(WeightedService { - weight: weight as u32, + weight, authority: cluster.service_dns_authority(&backend_ref.namespace, &name, port), name, namespace: backend_ref.namespace.to_string(), @@ -175,7 +175,7 @@ pub(super) fn convert_backend( })) } ResourceKind::EgressNetwork => Some(Backend::EgressNetwork(WeightedEgressNetwork { - weight: weight.into(), + weight, name, namespace: backend_ref.namespace.to_string(), port, diff --git a/policy-controller/k8s/index/src/outbound/index/http.rs b/policy-controller/k8s/index/src/outbound/index/http.rs index 9fb1b759b6a00..7103cd006ef7c 100644 --- a/policy-controller/k8s/index/src/outbound/index/http.rs +++ b/policy-controller/k8s/index/src/outbound/index/http.rs @@ -263,7 +263,7 @@ pub(super) fn convert_backend( }; Some(Backend::Service(WeightedService { - weight: weight as u32, + weight, authority: cluster.service_dns_authority(&backend_ref.namespace, &name, port), name, namespace: backend_ref.namespace.to_string(), @@ -273,7 +273,7 @@ pub(super) fn convert_backend( })) } ResourceKind::EgressNetwork => Some(Backend::EgressNetwork(WeightedEgressNetwork { - weight: weight.into(), + weight, name, namespace: backend_ref.namespace.to_string(), port, diff --git a/policy-controller/k8s/index/src/outbound/index/tcp.rs b/policy-controller/k8s/index/src/outbound/index/tcp.rs index a84f2af587742..a888bfaae2862 100644 --- a/policy-controller/k8s/index/src/outbound/index/tcp.rs +++ b/policy-controller/k8s/index/src/outbound/index/tcp.rs @@ -87,7 +87,7 @@ pub(super) fn convert_backend( }; Some(Backend::Service(WeightedService { - weight: weight.into(), + weight, authority: cluster.service_dns_authority(&backend_ref.namespace, &name, port), name, namespace: backend_ref.namespace.to_string(), @@ -97,7 +97,7 @@ pub(super) fn convert_backend( })) } ResourceKind::EgressNetwork => Some(Backend::EgressNetwork(WeightedEgressNetwork { - weight: weight.into(), + weight, name, namespace: backend_ref.namespace.to_string(), port, diff --git a/policy-controller/k8s/index/src/outbound/index/tls.rs b/policy-controller/k8s/index/src/outbound/index/tls.rs index b61f408a1c601..ea08824ab167e 100644 --- a/policy-controller/k8s/index/src/outbound/index/tls.rs +++ b/policy-controller/k8s/index/src/outbound/index/tls.rs @@ -98,7 +98,7 @@ pub(super) fn convert_backend( }; Some(Backend::Service(WeightedService { - weight: weight.into(), + weight, authority: cluster.service_dns_authority(&backend_ref.namespace, &name, port), name, namespace: backend_ref.namespace.to_string(), @@ -108,7 +108,7 @@ pub(super) fn convert_backend( })) } ResourceKind::EgressNetwork => Some(Backend::EgressNetwork(WeightedEgressNetwork { - weight: weight.into(), + weight, name, namespace: backend_ref.namespace.to_string(), port, diff --git a/policy-controller/k8s/index/src/routes.rs b/policy-controller/k8s/index/src/routes.rs index 7d31812b972c8..a600fa7ce4727 100644 --- a/policy-controller/k8s/index/src/routes.rs +++ b/policy-controller/k8s/index/src/routes.rs @@ -35,7 +35,7 @@ impl HttpRouteResource { pub(crate) fn status(&self) -> Option<&gateway::httproutes::HTTPRouteStatus> { match self { Self::LinkerdHttp(route) => route.status.as_ref().map(|status| &status.inner), - Self::GatewayHttp(route) => route.status.as_ref().map(|status| status), + Self::GatewayHttp(route) => route.status.as_ref(), } } diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index 4d1751d460f05..9ae06a07152a2 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -546,7 +546,7 @@ impl Index { // attach to has any routes attached that are in conflict with the one // that we are about to attach. This is done following the logs outlined in: // https://gateway-api.sigs.k8s.io/geps/gep-1426/#route-types - pub fn parent_has_conflicting_routes<'p>( + pub fn parent_has_conflicting_routes( &self, parent_ref: &routes::ParentReference, candidate_kind: &str, diff --git a/policy-controller/k8s/status/src/routes.rs b/policy-controller/k8s/status/src/routes.rs index eb7de78d163d3..6fe5af5abb5f9 100644 --- a/policy-controller/k8s/status/src/routes.rs +++ b/policy-controller/k8s/status/src/routes.rs @@ -1,6 +1,4 @@ use crate::resource_id::ResourceId; -use anyhow::Result; -use linkerd_policy_controller_k8s_api::{self as k8s_core_api, gateway, policy as linkerd_k8s_api}; pub(crate) mod grpc; pub(crate) mod http; diff --git a/policy-controller/k8s/status/src/routes/grpc.rs b/policy-controller/k8s/status/src/routes/grpc.rs index f5fb0acba7a4e..aeb819782be0e 100644 --- a/policy-controller/k8s/status/src/routes/grpc.rs +++ b/policy-controller/k8s/status/src/routes/grpc.rs @@ -20,7 +20,7 @@ pub(crate) fn make_backends( pub(crate) fn make_parents( namespace: &str, - parents: &Vec, + parents: &[gateway::GRPCRouteParentRefs], ) -> Vec { parents .iter() diff --git a/policy-controller/k8s/status/src/routes/http.rs b/policy-controller/k8s/status/src/routes/http.rs index af6425a5f82f0..004c5f0c94434 100644 --- a/policy-controller/k8s/status/src/routes/http.rs +++ b/policy-controller/k8s/status/src/routes/http.rs @@ -18,7 +18,7 @@ pub(crate) fn make_backends( pub(crate) fn make_parents( namespace: &str, - parents: &Vec, + parents: &[gateway::HTTPRouteParentRefs], ) -> Vec { parents .iter() diff --git a/policy-controller/k8s/status/src/routes/tcp.rs b/policy-controller/k8s/status/src/routes/tcp.rs index d6582787847d7..d2d392d09cf4b 100644 --- a/policy-controller/k8s/status/src/routes/tcp.rs +++ b/policy-controller/k8s/status/src/routes/tcp.rs @@ -18,7 +18,7 @@ pub(crate) fn make_backends( pub(crate) fn make_parents( namespace: &str, - parents: &Vec, + parents: &[gateway::TCPRouteParentRefs], ) -> Vec { parents .iter() diff --git a/policy-controller/k8s/status/src/routes/tls.rs b/policy-controller/k8s/status/src/routes/tls.rs index 9f4c063013b60..d60eccc475125 100644 --- a/policy-controller/k8s/status/src/routes/tls.rs +++ b/policy-controller/k8s/status/src/routes/tls.rs @@ -18,7 +18,7 @@ pub(crate) fn make_backends( pub(crate) fn make_parents( namespace: &str, - parents: &Vec, + parents: &[gateway::TLSRouteParentRefs], ) -> Vec { parents .iter() diff --git a/policy-controller/k8s/status/src/tests/conflict.rs b/policy-controller/k8s/status/src/tests/conflict.rs index 225589893cd41..3134616eddf32 100644 --- a/policy-controller/k8s/status/src/tests/conflict.rs +++ b/policy-controller/k8s/status/src/tests/conflict.rs @@ -1,29 +1,14 @@ #[cfg(test)] use crate::{ - index::{GRPCRouteRef, HTTPRouteRef}, - resource_id::NamespaceGroupKindName, + index::{GRPCRouteRef, HTTPRouteRef, SharedIndex, TCPRouteRef, TLSRouteRef}, + resource_id::{NamespaceGroupKindName, ResourceId}, routes, -}; - -use crate::{ - index::{accepted, in_cluster_net_overlap, SharedIndex, TCPRouteRef, TLSRouteRef}, - resource_id::NamespaceGroupKindName, tests::default_cluster_networks, Index, IndexMetrics, }; -use crate::{resource_id::ResourceId, Index}; -use ahash::HashMap; use chrono::{DateTime, Utc}; -use kubert::index::IndexNamespacedResource; use linkerd_policy_controller_core::routes::GroupKindName; -use linkerd_policy_controller_core::routes::GroupKindName; -use linkerd_policy_controller_k8s_api::{ - self as k8s_core_api, - policy::{self as linkerd_k8s_api, EgressNetworkStatus}, - Resource, -}; use linkerd_policy_controller_k8s_api::{gateway, Resource}; -use std::vec; use std::{sync::Arc, vec}; use tokio::sync::{mpsc, watch}; @@ -356,6 +341,8 @@ fn tls_route_no_conflict(p: ParentRefType) { } fn tcp_route_conflict_grpc(p: ParentRefType) { + let index = make_index(); + let parent = match p { ParentRefType::Service => routes::ParentReference::Service( ResourceId::new("ns".to_string(), "service".to_string()), @@ -368,7 +355,7 @@ fn tcp_route_conflict_grpc(p: ParentRefType) { ), }; - let known_routes: HashMap<_, _> = vec![( + index.write().update_grpc_route( NamespaceGroupKindName { namespace: "default".to_string(), gkn: GroupKindName { @@ -377,23 +364,21 @@ fn tcp_route_conflict_grpc(p: ParentRefType) { name: "grpc-1".into(), }, }, - RouteRef { + &GRPCRouteRef { parents: vec![parent.clone()], statuses: vec![], backends: vec![], }, - )] - .into_iter() - .collect(); + ); - assert!(parent_has_conflicting_routes( - &mut known_routes.iter(), - &parent, - "TCPRoute" - )); + assert!(index + .read() + .parent_has_conflicting_routes(&parent, "TCPRoute")); } fn tcp_route_conflict_http(p: ParentRefType) { + let index = make_index(); + let parent = match p { ParentRefType::Service => routes::ParentReference::Service( ResourceId::new("ns".to_string(), "service".to_string()), @@ -406,7 +391,7 @@ fn tcp_route_conflict_http(p: ParentRefType) { ), }; - let known_routes: HashMap<_, _> = vec![( + index.write().update_http_route( NamespaceGroupKindName { namespace: "default".to_string(), gkn: GroupKindName { @@ -415,23 +400,21 @@ fn tcp_route_conflict_http(p: ParentRefType) { name: "http-1".into(), }, }, - RouteRef { + &HTTPRouteRef { parents: vec![parent.clone()], statuses: vec![], backends: vec![], }, - )] - .into_iter() - .collect(); + ); - assert!(parent_has_conflicting_routes( - &mut known_routes.iter(), - &parent, - "TCPRoute" - )); + assert!(index + .read() + .parent_has_conflicting_routes(&parent, "TCPRoute")); } fn tcp_route_conflict_tls(p: ParentRefType) { + let index = make_index(); + let parent = match p { ParentRefType::Service => routes::ParentReference::Service( ResourceId::new("ns".to_string(), "service".to_string()), @@ -444,7 +427,7 @@ fn tcp_route_conflict_tls(p: ParentRefType) { ), }; - let known_routes: HashMap<_, _> = vec![( + index.write().update_tls_route( NamespaceGroupKindName { namespace: "default".to_string(), gkn: GroupKindName { @@ -453,23 +436,21 @@ fn tcp_route_conflict_tls(p: ParentRefType) { name: "tls-1".into(), }, }, - RouteRef { + &TLSRouteRef { parents: vec![parent.clone()], statuses: vec![], backends: vec![], }, - )] - .into_iter() - .collect(); + ); - assert!(parent_has_conflicting_routes( - &mut known_routes.iter(), - &parent, - "TCPRoute" - )); + assert!(index + .read() + .parent_has_conflicting_routes(&parent, "TCPRoute")); } fn tcp_route_no_conflict(p: ParentRefType) { + let index = make_index(); + let parent = match p { ParentRefType::Service => routes::ParentReference::Service( ResourceId::new("ns".to_string(), "service".to_string()), @@ -482,7 +463,7 @@ fn tcp_route_no_conflict(p: ParentRefType) { ), }; - let known_routes: HashMap<_, _> = vec![( + index.write().update_tcp_route( NamespaceGroupKindName { namespace: "default".to_string(), gkn: GroupKindName { @@ -491,20 +472,16 @@ fn tcp_route_no_conflict(p: ParentRefType) { name: "tcp-1".into(), }, }, - RouteRef { + &TCPRouteRef { parents: vec![parent.clone()], statuses: vec![], backends: vec![], }, - )] - .into_iter() - .collect(); + ); - assert!(!parent_has_conflicting_routes( - &mut known_routes.iter(), - &parent, - "TCPRoute" - )); + assert!(!index + .read() + .parent_has_conflicting_routes(&parent, "TCPRoute")); } #[test] diff --git a/policy-controller/k8s/status/src/tests/routes/grpc.rs b/policy-controller/k8s/status/src/tests/routes/grpc.rs index ef4bbc6464582..e5b92d0669d82 100644 --- a/policy-controller/k8s/status/src/tests/routes/grpc.rs +++ b/policy-controller/k8s/status/src/tests/routes/grpc.rs @@ -11,12 +11,14 @@ use chrono::{DateTime, Utc}; use kubert::index::IndexNamespacedResource; use linkerd_policy_controller_core::{routes::GroupKindName, POLICY_CONTROLLER_NAME}; use linkerd_policy_controller_k8s_api::{ - self as k8s, gateway::grpcroutes as gateway, policy, Resource, ResourceExt, + self as k8s, + gateway::{grpcroutes as gateway, httproutes}, + policy, Resource, ResourceExt, }; use std::sync::Arc; use tokio::sync::{mpsc, watch}; -fn make_parent_status( +pub(crate) fn make_parent_status( namespace: impl ToString, name: impl ToString, type_: impl ToString, @@ -133,7 +135,9 @@ fn route_with_valid_service_backends() { controller_name: POLICY_CONTROLLER_NAME.to_string(), conditions: Some(vec![accepted_condition, backend_condition]), }; - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -164,7 +168,7 @@ fn route_with_valid_egress_network_backend() { index.write().apply(parent.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -184,13 +188,11 @@ fn route_with_valid_egress_network_backend() { &id, parent.clone(), Some(vec![gateway::GRPCRouteRulesBackendRefs { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: parent.name.clone(), - namespace: parent.namespace.clone(), - port: Some(8080), - }, + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: Some(8080), weight: None, filters: None, }]), @@ -202,11 +204,20 @@ fn route_with_valid_egress_network_backend() { // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent, + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -241,7 +252,7 @@ fn route_with_invalid_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -262,24 +273,20 @@ fn route_with_invalid_service_backend() { parent.clone(), Some(vec![ gateway::GRPCRouteRulesBackendRefs { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), filters: None, weight: None, }, gateway::GRPCRouteRulesBackendRefs { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: "nonexistant-backend".to_string(), - namespace: backend.namespace(), - port: Some(8080), - }, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: "nonexistant-backend".to_string(), + namespace: backend.namespace(), + port: Some(8080), filters: None, weight: None, }, @@ -292,11 +299,20 @@ fn route_with_invalid_service_backend() { // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent, + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -331,7 +347,7 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -351,13 +367,11 @@ fn route_with_egress_network_backend_different_from_parent() { &id, parent.clone(), Some(vec![gateway::GRPCRouteRulesBackendRefs { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), filters: None, weight: None, }]), @@ -370,11 +384,20 @@ fn route_with_egress_network_backend_different_from_parent() { "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent, + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -409,7 +432,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -429,13 +452,11 @@ fn route_with_egress_network_backend_and_service_parent() { &id, parent.clone(), Some(vec![gateway::GRPCRouteRulesBackendRefs { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), filters: None, weight: None, }]), @@ -448,11 +469,20 @@ fn route_with_egress_network_backend_and_service_parent() { "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent, + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -487,7 +517,7 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -507,13 +537,11 @@ fn route_with_egress_network_parent_and_service_backend() { &id, parent.clone(), Some(vec![gateway::GRPCRouteRulesBackendRefs { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), filters: None, weight: None, }]), @@ -524,11 +552,20 @@ fn route_with_egress_network_parent_and_service_backend() { let accepted_condition = accepted(); let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent, + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -563,7 +600,7 @@ fn route_accepted_after_server_create() { group: gateway::GRPCRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -584,7 +621,9 @@ fn route_accepted_after_server_create() { "False", "NoMatchingParent", ); - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the GRPCRoute is not accepted because the @@ -600,14 +639,16 @@ fn route_accepted_after_server_create() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http2), + Some(policy::server::ProxyProtocol::Http2), ); index.write().apply(server); // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the GRPCRoute is accepted because the @@ -644,7 +685,7 @@ fn route_accepted_after_egress_network_create() { name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -661,12 +702,21 @@ fn route_accepted_after_egress_network_create() { let accepted_condition = no_matching_parent(); let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the GRPCRoute is not accepted because the @@ -682,12 +732,21 @@ fn route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = accepted(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent, + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), }; - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the GRPCRoute is accepted because the @@ -721,7 +780,7 @@ fn route_rejected_after_server_delete() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http2), + Some(policy::server::ProxyProtocol::Http2), ); index.write().apply(server); @@ -737,7 +796,7 @@ fn route_rejected_after_server_delete() { group: gateway::GRPCRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -753,7 +812,9 @@ fn route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the GRPCRoute is accepted because the @@ -764,7 +825,7 @@ fn route_rejected_after_server_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "srv-8080".to_string(), @@ -774,7 +835,9 @@ fn route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status("ns-0", "srv-8080", "Accepted", "False", "NoMatchingParent"); - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the GRPCRoute is not accepted because the @@ -817,7 +880,7 @@ fn route_rejected_after_egress_network_delete() { name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -834,12 +897,21 @@ fn route_rejected_after_egress_network_delete() { let accepted_condition = accepted(); let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the GRPCRoute is accepted because the @@ -850,7 +922,7 @@ fn route_rejected_after_egress_network_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "egress".to_string(), @@ -860,12 +932,21 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let rejected_condition = no_matching_parent(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![rejected_condition, backend_condition.clone()], + conditions: Some(vec![rejected_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the TLSRoute is not accepted because the @@ -897,7 +978,7 @@ fn service_route_type_conflict() { let parent = super::make_service("ns-0", "svc"); index.write().apply(parent.clone()); - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -910,12 +991,12 @@ fn service_route_type_conflict() { let http_id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: gateway::HTTPRoute::group(&()), - kind: gateway::HTTPRoute::kind(&()), + group: httproutes::HTTPRoute::group(&()), + kind: httproutes::HTTPRoute::kind(&()), name: "httproute-foo".into(), }, }; - let http_route = gateway::HTTPRoute { + let http_route = httproutes::HTTPRoute { status: None, metadata: k8s::ObjectMeta { name: Some(http_id.gkn.name.to_string()), @@ -923,8 +1004,15 @@ fn service_route_type_conflict() { creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: gateway::HTTPRouteSpec { - parent_refs: Some(vec![parent.clone()]), + spec: httproutes::HTTPRouteSpec { + parent_refs: Some(vec![httproutes::HTTPRouteParentRefs { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }]), hostnames: None, rules: Some(vec![]), }, @@ -936,11 +1024,20 @@ fn service_route_type_conflict() { // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&http_id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); assert_eq!(http_id, update.id); @@ -961,23 +1058,41 @@ fn service_route_type_conflict() { // Two expected updates: HTTPRoute should be rejected and GRPCRoute should be accepted for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); - if update.id.gkn.kind == gateway::HTTPRoute::kind(&()) { + if update.id.gkn.kind == httproutes::HTTPRoute::kind(&()) { let conflict_condition = route_conflicted(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![conflict_condition, backend_condition.clone()], + conditions: Some(vec![conflict_condition, backend_condition.clone()]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&http_id, status).unwrap(); assert_eq!(patch, update.patch); } else { let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&grpc_id, status).unwrap(); assert_eq!(patch, update.patch); } @@ -1008,7 +1123,7 @@ fn egress_network_route_type_conflict() { let parent = super::make_egress_network("ns-0", "egress", accepted()); index.write().apply(parent.clone()); - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::GRPCRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -1021,12 +1136,12 @@ fn egress_network_route_type_conflict() { let http_id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: gateway::HTTPRoute::group(&()), - kind: gateway::HTTPRoute::kind(&()), + group: httproutes::HTTPRoute::group(&()), + kind: httproutes::HTTPRoute::kind(&()), name: "httproute-foo".into(), }, }; - let http_route = gateway::HTTPRoute { + let http_route = httproutes::HTTPRoute { status: None, metadata: k8s::ObjectMeta { name: Some(http_id.gkn.name.to_string()), @@ -1034,10 +1149,15 @@ fn egress_network_route_type_conflict() { creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: gateway::HTTPRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent.clone()]), - }, + spec: httproutes::HTTPRouteSpec { + parent_refs: Some(vec![httproutes::HTTPRouteParentRefs { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }]), hostnames: None, rules: Some(vec![]), }, @@ -1049,11 +1169,20 @@ fn egress_network_route_type_conflict() { // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&http_id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); assert_eq!(http_id, update.id); @@ -1074,23 +1203,41 @@ fn egress_network_route_type_conflict() { // Two expected updates: HTTPRoute should be rejected and GRPCRoute should be accepted for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); - if update.id.gkn.kind == gateway::HTTPRoute::kind(&()) { + if update.id.gkn.kind == httproutes::HTTPRoute::kind(&()) { let conflict_condition = route_conflicted(); let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![conflict_condition, backend_condition.clone()], + conditions: Some(vec![conflict_condition, backend_condition.clone()]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&http_id, status).unwrap(); assert_eq!(patch, update.patch); } else { let parent_status = gateway::GRPCRouteStatusParents { - parent_ref: parent.clone(), + parent_ref: gateway::GRPCRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::GRPCRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&grpc_id, status).unwrap(); assert_eq!(patch, update.patch); } @@ -1114,27 +1261,22 @@ fn make_route( ..Default::default() }, spec: gateway::GRPCRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent]), - }, + parent_refs: Some(vec![parent]), hostnames: None, - rules: Some(vec![gateway::GRPCRouteRule { + rules: Some(vec![gateway::GRPCRouteRules { + name: None, filters: None, backend_refs: backends, - matches: Some(vec![gateway::GRPCRouteMatch { + matches: Some(vec![gateway::GRPCRouteRulesMatches { headers: None, - method: Some(k8s_gateway_api::GrpcMethodMatch::Exact { + method: Some(gateway::GRPCRouteRulesMatchesMethod { method: Some("MakeRoute".to_string()), service: Some("io.linkerd.Test".to_string()), + r#type: Some(gateway::GRPCRouteRulesMatchesMethodType::Exact), }), }]), + session_persistence: None, }]), }, } } - -fn make_status(parents: Vec) -> gateway::GRPCRouteStatus { - gateway::GRPCRouteStatus { - inner: k8s_gateway_api::RouteStatus { parents }, - } -} diff --git a/policy-controller/k8s/status/src/tests/routes/helpers.rs b/policy-controller/k8s/status/src/tests/routes/helpers.rs index a9879f4b47a1e..d9572be4320bd 100644 --- a/policy-controller/k8s/status/src/tests/routes/helpers.rs +++ b/policy-controller/k8s/status/src/tests/routes/helpers.rs @@ -1,11 +1,11 @@ -use super::make_parent_status; -use crate::index::eq_time_insensitive_route_parent_statuses; +use super::{grpc, http}; +use crate::index; #[test] -fn test_eq_time_insensitive_route_parent_statuses_order_sensitive() { +fn test_eq_time_insensitive_gprc_route_parent_statuses_order_sensitive() { // Create RouteParentStatus instances using make_parent_status helper - let status1 = make_parent_status("ns", "parent1", "Ready", "True", "AllGood"); - let status2 = make_parent_status("ns", "parent2", "Ready", "True", "AllGood"); + let status1 = grpc::make_parent_status("ns", "parent1", "Ready", "True", "AllGood"); + let status2 = grpc::make_parent_status("ns", "parent2", "Ready", "True", "AllGood"); // Create two lists with the same elements in different orders let list1 = vec![status1.clone(), status2.clone()]; @@ -13,5 +13,24 @@ fn test_eq_time_insensitive_route_parent_statuses_order_sensitive() { // Assert that eq_time_insensitive_route_parent_statuses returns true // indicating that it considers the two lists equal - assert!(eq_time_insensitive_route_parent_statuses(&list1, &list2)); + assert!(index::eq_time_insensitive_grpc_route_parent_statuses( + &list1, &list2 + )); +} + +#[test] +fn test_eq_time_insensitive_http_route_parent_statuses_order_sensitive() { + // Create RouteParentStatus instances using make_parent_status helper + let status1 = http::make_parent_status("ns", "parent1", "Ready", "True", "AllGood"); + let status2 = http::make_parent_status("ns", "parent2", "Ready", "True", "AllGood"); + + // Create two lists with the same elements in different orders + let list1 = vec![status1.clone(), status2.clone()]; + let list2 = vec![status2, status1]; + + // Assert that eq_time_insensitive_route_parent_statuses returns true + // indicating that it considers the two lists equal + assert!(index::eq_time_insensitive_http_route_parent_statuses( + &list1, &list2 + )); } diff --git a/policy-controller/k8s/status/src/tests/routes/http.rs b/policy-controller/k8s/status/src/tests/routes/http.rs index f9d41d93c7c3d..cecb8ea417c79 100644 --- a/policy-controller/k8s/status/src/tests/routes/http.rs +++ b/policy-controller/k8s/status/src/tests/routes/http.rs @@ -1,4 +1,3 @@ -use super::make_parent_status; use crate::{ index::{ accepted, backend_not_found, invalid_backend_kind, no_matching_parent, resolved_refs, @@ -12,12 +11,40 @@ use chrono::{DateTime, Utc}; use kubert::index::IndexNamespacedResource; use linkerd_policy_controller_core::{routes::GroupKindName, POLICY_CONTROLLER_NAME}; use linkerd_policy_controller_k8s_api::{ - self as k8s_core_api, gateway as k8s_gateway_api, policy as linkerd_k8s_api, Resource, - ResourceExt, + self as k8s, gateway::httproutes as gateway, policy, Resource, ResourceExt, }; use std::sync::Arc; use tokio::sync::{mpsc, watch}; +pub(crate) fn make_parent_status( + namespace: impl ToString, + name: impl ToString, + type_: impl ToString, + status: impl ToString, + reason: impl ToString, +) -> gateway::HTTPRouteStatusParents { + let condition = k8s::Condition { + message: "".to_string(), + type_: type_.to_string(), + observed_generation: None, + reason: reason.to_string(), + status: status.to_string(), + last_transition_time: k8s::Time(DateTime::::MIN_UTC), + }; + gateway::HTTPRouteStatusParents { + conditions: Some(vec![condition]), + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + port: None, + section_name: None, + name: name.to_string(), + kind: Some("Server".to_string()), + namespace: Some(namespace.to_string()), + group: Some(POLICY_API_GROUP.to_string()), + }, + controller_name: POLICY_CONTROLLER_NAME.to_string(), + } +} + #[test] fn linkerd_route_with_no_backends() { let hostname = "test"; @@ -43,12 +70,12 @@ fn linkerd_route_with_no_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace().as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -64,12 +91,21 @@ fn linkerd_route_with_no_backends() { let accepted_condition = accepted(); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -100,7 +136,7 @@ fn gateway_route_with_no_backends() { index.write().apply(parent.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -111,8 +147,8 @@ fn gateway_route_with_no_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -123,12 +159,21 @@ fn gateway_route_with_no_backends() { let accepted_condition = accepted(); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -170,12 +215,12 @@ fn linkerd_route_with_valid_service_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace().as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -187,30 +232,22 @@ fn linkerd_route_with_valid_service_backends() { &id, parent.clone(), Some(vec![ - linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend1.name_unchecked(), - namespace: backend1.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend1.name_unchecked(), + namespace: backend1.namespace(), + port: Some(8080), filters: None, }, - linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend2.name_unchecked(), - namespace: backend2.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend2.name_unchecked(), + namespace: backend2.namespace(), + port: Some(8080), filters: None, }, ]), @@ -221,12 +258,21 @@ fn linkerd_route_with_valid_service_backends() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -253,19 +299,18 @@ fn linkerd_route_with_valid_egress_networks_backends() { ); // Apply the parent egress network - let parent: linkerd_k8s_api::EgressNetwork = - super::make_egress_network("ns-0", "egress", accepted()); + let parent: policy::EgressNetwork = super::make_egress_network("ns-0", "egress", accepted()); index.write().apply(parent.clone()); let id = NamespaceGroupKindName { namespace: parent.namespace().as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -276,17 +321,13 @@ fn linkerd_route_with_valid_egress_networks_backends() { let route = make_linkerd_route( &id, parent.clone(), - Some(vec![linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: parent.name.clone(), - namespace: parent.namespace.clone(), - port: Some(8080), - }, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: Some(8080), filters: None, }]), ); @@ -296,12 +337,21 @@ fn linkerd_route_with_valid_egress_networks_backends() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch: linkerd_policy_controller_k8s_api::Patch = crate::index::make_patch(&id, status).unwrap(); @@ -341,7 +391,7 @@ fn gateway_route_with_valid_service_backends() { index.write().apply(backend2.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -352,8 +402,8 @@ fn gateway_route_with_valid_service_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -361,30 +411,22 @@ fn gateway_route_with_valid_service_backends() { &id, parent.clone(), Some(vec![ - k8s_gateway_api::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend1.name_unchecked(), - namespace: backend1.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend1.name_unchecked(), + namespace: backend1.namespace(), + port: Some(8080), filters: None, }, - k8s_gateway_api::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend2.name_unchecked(), - namespace: backend2.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend2.name_unchecked(), + namespace: backend2.namespace(), + port: Some(8080), filters: None, }, ]), @@ -395,12 +437,21 @@ fn gateway_route_with_valid_service_backends() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -431,7 +482,7 @@ fn gateway_route_with_valid_egress_networks_backends() { index.write().apply(parent.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -442,25 +493,21 @@ fn gateway_route_with_valid_egress_networks_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_gateway_route( &id, parent.clone(), - Some(vec![k8s_gateway_api::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: parent.name.clone(), - namespace: parent.namespace.clone(), - port: Some(8080), - }, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: Some(8080), filters: None, }]), ); @@ -470,12 +517,21 @@ fn gateway_route_with_valid_egress_networks_backends() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -510,7 +566,7 @@ fn linkerd_route_with_invalid_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -521,8 +577,8 @@ fn linkerd_route_with_invalid_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; @@ -530,30 +586,22 @@ fn linkerd_route_with_invalid_service_backend() { &id, parent.clone(), Some(vec![ - linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), filters: None, }, - linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: "nonexistent-backend".to_string(), - namespace: backend.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: "nonexistent-backend".to_string(), + namespace: backend.namespace(), + port: Some(8080), filters: None, }, ]), @@ -564,12 +612,21 @@ fn linkerd_route_with_invalid_service_backend() { let accepted_condition = accepted(); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -604,7 +661,7 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -615,25 +672,21 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_linkerd_route( &id, parent.clone(), - Some(vec![linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - weight: None, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), + weight: None, filters: None, }]), ); @@ -644,12 +697,21 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -684,7 +746,7 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -695,8 +757,8 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; @@ -704,17 +766,13 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { let route = make_linkerd_route( &id, parent.clone(), - Some(vec![linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - weight: None, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), + weight: None, filters: None, }]), ); @@ -725,12 +783,21 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -765,7 +832,7 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -776,8 +843,8 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; @@ -785,17 +852,13 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { let route = make_linkerd_route( &id, parent.clone(), - Some(vec![linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - weight: None, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), + weight: None, filters: None, }]), ); @@ -804,12 +867,21 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -844,7 +916,7 @@ fn gateway_route_with_invalid_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -855,8 +927,8 @@ fn gateway_route_with_invalid_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -864,30 +936,22 @@ fn gateway_route_with_invalid_service_backend() { &id, parent.clone(), Some(vec![ - k8s_gateway_api::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), filters: None, }, - k8s_gateway_api::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - weight: None, - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: "nonexistent-backend".to_string(), - namespace: backend.namespace(), - port: Some(8080), - }, - }), + gateway::HTTPRouteRulesBackendRefs { + weight: None, + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: "nonexistent-backend".to_string(), + namespace: backend.namespace(), + port: Some(8080), filters: None, }, ]), @@ -898,12 +962,21 @@ fn gateway_route_with_invalid_service_backend() { let accepted_condition = accepted(); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -938,7 +1011,7 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -949,25 +1022,21 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_gateway_route( &id, parent.clone(), - Some(vec![linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - weight: None, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), + weight: None, filters: None, }]), ); @@ -978,12 +1047,21 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -1018,7 +1096,7 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -1029,8 +1107,8 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -1038,17 +1116,13 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { let route = make_gateway_route( &id, parent.clone(), - Some(vec![linkerd_k8s_api::httproute::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - weight: None, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), + weight: None, filters: None, }]), ); @@ -1059,12 +1133,21 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -1099,7 +1182,7 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -1110,8 +1193,8 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -1119,17 +1202,13 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { let route = make_gateway_route( &id, parent.clone(), - Some(vec![k8s_gateway_api::HttpBackendRef { - backend_ref: Some(k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, - weight: None, - }), + Some(vec![gateway::HTTPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), + weight: None, filters: None, }]), ); @@ -1138,12 +1217,21 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -1173,12 +1261,12 @@ fn linkerd_route_accepted_after_server_create() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -1199,7 +1287,9 @@ fn linkerd_route_accepted_after_server_create() { "False", "NoMatchingParent", ); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the HTTPRoute is not accepted because the @@ -1215,14 +1305,16 @@ fn linkerd_route_accepted_after_server_create() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http1), + Some(policy::server::ProxyProtocol::Http1), ); index.write().apply(server); // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1254,12 +1346,12 @@ fn linkerd_route_accepted_after_egress_network_create() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -1275,13 +1367,22 @@ fn linkerd_route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = no_matching_parent(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + namespace: parent.namespace.clone(), + name: parent.name.clone(), + section_name: parent.section_name.clone(), + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the HTTPRoute is not accepted because the @@ -1296,13 +1397,22 @@ fn linkerd_route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = accepted(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1335,11 +1445,11 @@ fn gateway_route_accepted_after_server_create() { namespace: "ns-0".to_string(), gkn: GroupKindName { name: "route-foo".into(), - kind: k8s_gateway_api::HttpRoute::kind(&()), - group: k8s_gateway_api::HttpRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -1360,7 +1470,9 @@ fn gateway_route_accepted_after_server_create() { "False", "NoMatchingParent", ); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the HTTPRoute is not accepted because the @@ -1376,14 +1488,16 @@ fn gateway_route_accepted_after_server_create() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http1), + Some(policy::server::ProxyProtocol::Http1), ); index.write().apply(server); // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1415,12 +1529,12 @@ fn gateway_route_accepted_after_egress_network_create() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -1436,13 +1550,22 @@ fn gateway_route_accepted_after_egress_network_create() { // Create the expected update. let rejected_condition = no_matching_parent(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + namespace: parent.namespace.clone(), + name: parent.name.clone(), + section_name: parent.section_name.clone(), + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![rejected_condition, backend_condition.clone()], + conditions: Some(vec![rejected_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the HTTPRoute is not accepted because the @@ -1457,13 +1580,22 @@ fn gateway_route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = accepted(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + namespace: parent.namespace, + name: parent.name, + section_name: parent.section_name, + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1497,7 +1629,7 @@ fn linkerd_route_rejected_after_server_delete() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http1), + Some(policy::server::ProxyProtocol::Http1), ); index.write().apply(server); @@ -1508,12 +1640,12 @@ fn linkerd_route_rejected_after_server_delete() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -1529,7 +1661,9 @@ fn linkerd_route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1540,7 +1674,7 @@ fn linkerd_route_rejected_after_server_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "srv-8080".to_string(), @@ -1550,7 +1684,9 @@ fn linkerd_route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status("ns-0", "srv-8080", "Accepted", "False", "NoMatchingParent"); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the HTTPRoute is not accepted because the @@ -1588,12 +1724,12 @@ fn linkerd_route_rejected_after_egress_network_delete() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: linkerd_k8s_api::HttpRoute::group(&()), - kind: linkerd_k8s_api::HttpRoute::kind(&()), + group: policy::HttpRoute::group(&()), + kind: policy::HttpRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -1609,13 +1745,22 @@ fn linkerd_route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + namespace: parent.namespace.clone(), + name: parent.name.clone(), + section_name: parent.section_name.clone(), + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1626,7 +1771,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "egress".to_string(), @@ -1635,13 +1780,22 @@ fn linkerd_route_rejected_after_egress_network_delete() { // Create the expected update. let rejected_condition = no_matching_parent(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + namespace: parent.namespace.clone(), + name: parent.name.clone(), + section_name: parent.section_name.clone(), + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![rejected_condition, backend_condition.clone()], + conditions: Some(vec![rejected_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the HTTPRoute is not accepted because the @@ -1675,7 +1829,7 @@ fn gateway_route_rejected_after_server_delete() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http1), + Some(policy::server::ProxyProtocol::Http1), ); index.write().apply(server); @@ -1687,11 +1841,11 @@ fn gateway_route_rejected_after_server_delete() { namespace: "ns-0".to_string(), gkn: GroupKindName { name: "route-foo".into(), - kind: k8s_gateway_api::HttpRoute::kind(&()), - group: k8s_gateway_api::HttpRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -1707,7 +1861,9 @@ fn gateway_route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1718,7 +1874,7 @@ fn gateway_route_rejected_after_server_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "srv-8080".to_string(), @@ -1728,7 +1884,9 @@ fn gateway_route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status("ns-0", "srv-8080", "Accepted", "False", "NoMatchingParent"); - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the HTTPRoute is not accepted because the @@ -1766,12 +1924,12 @@ fn gateway_route_rejected_after_egress_network_delete() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: k8s_gateway_api::HttpRoute::group(&()), - kind: k8s_gateway_api::HttpRoute::kind(&()), + group: gateway::HTTPRoute::group(&()), + kind: gateway::HTTPRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::HTTPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -1787,13 +1945,22 @@ fn gateway_route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + namespace: parent.namespace.clone(), + name: parent.name.clone(), + section_name: parent.section_name.clone(), + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the HTTPRoute is accepted because the @@ -1804,7 +1971,7 @@ fn gateway_route_rejected_after_egress_network_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "egress".to_string(), @@ -1813,13 +1980,22 @@ fn gateway_route_rejected_after_egress_network_delete() { // Create the expected update. let rejected_condition = no_matching_parent(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::HTTPRouteStatusParents { + parent_ref: gateway::HTTPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + namespace: parent.namespace.clone(), + name: parent.name.clone(), + section_name: parent.section_name.clone(), + port: parent.port, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![rejected_condition, backend_condition.clone()], + conditions: Some(vec![rejected_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::HTTPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the HTTPRoute is not accepted because the @@ -1830,39 +2006,30 @@ fn gateway_route_rejected_after_egress_network_delete() { assert!(updates_rx.try_recv().is_err()); } -fn make_status( - parents: Vec, -) -> k8s_gateway_api::HttpRouteStatus { - k8s_gateway_api::HttpRouteStatus { - inner: k8s_gateway_api::RouteStatus { parents }, - } -} - fn make_linkerd_route( id: &NamespaceGroupKindName, - parent: linkerd_k8s_api::httproute::ParentReference, - backends: Option>, -) -> linkerd_k8s_api::HttpRoute { - linkerd_k8s_api::HttpRoute { - metadata: k8s_core_api::ObjectMeta { + parent: gateway::HTTPRouteParentRefs, + backends: Option>, +) -> policy::HttpRoute { + policy::HttpRoute { + metadata: k8s::ObjectMeta { namespace: Some(id.namespace.clone()), name: Some(id.gkn.name.to_string()), - creation_timestamp: Some(k8s_core_api::Time(Utc::now())), + creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: linkerd_k8s_api::HttpRouteSpec { - inner: linkerd_k8s_api::httproute::CommonRouteSpec { - parent_refs: Some(vec![parent]), - }, + spec: policy::HttpRouteSpec { + parent_refs: Some(vec![parent]), hostnames: None, - rules: Some(vec![linkerd_k8s_api::httproute::HttpRouteRule { - matches: Some(vec![linkerd_k8s_api::httproute::HttpRouteMatch { - path: Some(linkerd_k8s_api::httproute::HttpPathMatch::PathPrefix { - value: "/foo/bar".to_string(), + rules: Some(vec![policy::httproute::HttpRouteRule { + matches: Some(vec![gateway::HTTPRouteRulesMatches { + path: Some(gateway::HTTPRouteRulesMatchesPath { + value: Some("/foo/bar".to_string()), + r#type: Some(gateway::HTTPRouteRulesMatchesPathType::PathPrefix), }), headers: None, query_params: None, - method: Some("GET".to_string()), + method: Some(gateway::HTTPRouteRulesMatchesMethod::Get), }]), filters: None, backend_refs: backends, @@ -1875,33 +2042,33 @@ fn make_linkerd_route( fn make_gateway_route( id: &NamespaceGroupKindName, - parent: k8s_gateway_api::ParentReference, - backends: Option>, -) -> k8s_gateway_api::HttpRoute { - k8s_gateway_api::HttpRoute { + parent: gateway::HTTPRouteParentRefs, + backends: Option>, +) -> gateway::HTTPRoute { + gateway::HTTPRoute { status: None, - metadata: k8s_core_api::ObjectMeta { + metadata: k8s::ObjectMeta { name: Some(id.gkn.name.to_string()), namespace: Some(id.namespace.clone()), - creation_timestamp: Some(k8s_core_api::Time(Utc::now())), + creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: k8s_gateway_api::HttpRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent]), - }, + spec: gateway::HTTPRouteSpec { + parent_refs: Some(vec![parent]), hostnames: None, - rules: Some(vec![k8s_gateway_api::HttpRouteRule { + rules: Some(vec![gateway::HTTPRouteRules { filters: None, backend_refs: backends, - matches: Some(vec![k8s_gateway_api::HttpRouteMatch { + matches: Some(vec![gateway::HTTPRouteRulesMatches { headers: None, query_params: None, - method: Some("GET".to_string()), - path: Some(k8s_gateway_api::HttpPathMatch::PathPrefix { - value: "/foo/bar".to_string(), + method: Some(gateway::HTTPRouteRulesMatchesMethod::Get), + path: Some(gateway::HTTPRouteRulesMatchesPath { + value: Some("/foo/bar".to_string()), + r#type: Some(gateway::HTTPRouteRulesMatchesPathType::PathPrefix), }), }]), + ..Default::default() }]), }, } diff --git a/policy-controller/k8s/status/src/tests/routes/tcp.rs b/policy-controller/k8s/status/src/tests/routes/tcp.rs index 49c55959098cf..835fd7a11418d 100644 --- a/policy-controller/k8s/status/src/tests/routes/tcp.rs +++ b/policy-controller/k8s/status/src/tests/routes/tcp.rs @@ -1,4 +1,3 @@ -use super::make_parent_status; use crate::{ index::{ accepted, backend_not_found, invalid_backend_kind, no_matching_parent, resolved_refs, @@ -12,12 +11,40 @@ use chrono::{DateTime, Utc}; use kubert::index::IndexNamespacedResource; use linkerd_policy_controller_core::{routes::GroupKindName, POLICY_CONTROLLER_NAME}; use linkerd_policy_controller_k8s_api::{ - self as k8s_core_api, gateway as k8s_gateway_api, policy as linkerd_k8s_api, Resource, - ResourceExt, + self as k8s, gateway::tcproutes as gateway, policy, Resource, ResourceExt, }; use std::{sync::Arc, vec}; use tokio::sync::{mpsc, watch}; +pub(crate) fn make_parent_status( + namespace: impl ToString, + name: impl ToString, + type_: impl ToString, + status: impl ToString, + reason: impl ToString, +) -> gateway::TCPRouteStatusParents { + let condition = k8s::Condition { + message: "".to_string(), + type_: type_.to_string(), + observed_generation: None, + reason: reason.to_string(), + status: status.to_string(), + last_transition_time: k8s::Time(DateTime::::MIN_UTC), + }; + gateway::TCPRouteStatusParents { + conditions: Some(vec![condition]), + parent_ref: gateway::TCPRouteStatusParentsParentRef { + port: None, + section_name: None, + name: name.to_string(), + kind: Some("Server".to_string()), + namespace: Some(namespace.to_string()), + group: Some(POLICY_API_GROUP.to_string()), + }, + controller_name: POLICY_CONTROLLER_NAME.to_string(), + } +} + #[test] fn route_with_valid_service_backends() { let hostname = "test"; @@ -48,7 +75,7 @@ fn route_with_valid_service_backends() { index.write().apply(backend2.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -59,8 +86,8 @@ fn route_with_valid_service_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -68,24 +95,20 @@ fn route_with_valid_service_backends() { &id, parent.clone(), vec![ - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend1.name_unchecked(), - namespace: backend1.namespace(), - port: Some(8080), - }, + gateway::TCPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend1.name_unchecked(), + namespace: backend1.namespace(), + port: Some(8080), weight: None, }, - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend2.name_unchecked(), - namespace: backend2.namespace(), - port: Some(8080), - }, + gateway::TCPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend2.name_unchecked(), + namespace: backend2.namespace(), + port: Some(8080), weight: None, }, ], @@ -96,12 +119,21 @@ fn route_with_valid_service_backends() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -132,7 +164,7 @@ fn route_with_valid_egress_network_backend() { index.write().apply(parent.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -143,22 +175,20 @@ fn route_with_valid_egress_network_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: parent.name.clone(), - namespace: parent.namespace.clone(), - port: Some(8080), - }, + vec![gateway::TCPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: Some(8080), weight: None, }], ); @@ -168,12 +198,21 @@ fn route_with_valid_egress_network_backend() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -208,7 +247,7 @@ fn route_with_invalid_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -219,8 +258,8 @@ fn route_with_invalid_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; @@ -228,24 +267,20 @@ fn route_with_invalid_service_backend() { &id, parent.clone(), vec![ - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + gateway::TCPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }, - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: "nonexistant-backend".to_string(), - namespace: backend.namespace(), - port: Some(8080), - }, + gateway::TCPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: "nonexistant-backend".to_string(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }, ], @@ -256,12 +291,21 @@ fn route_with_invalid_service_backend() { let accepted_condition = accepted(); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -296,7 +340,7 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -307,22 +351,20 @@ fn route_with_egress_network_backend_different_from_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + vec![gateway::TCPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }], ); @@ -333,12 +375,21 @@ fn route_with_egress_network_backend_different_from_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -373,7 +424,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -384,22 +435,20 @@ fn route_with_egress_network_backend_and_service_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + vec![gateway::TCPRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }], ); @@ -410,12 +459,21 @@ fn route_with_egress_network_backend_and_service_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -450,7 +508,7 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -461,22 +519,20 @@ fn route_with_egress_network_parent_and_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + vec![gateway::TCPRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }], ); @@ -485,12 +541,21 @@ fn route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -521,11 +586,11 @@ fn route_accepted_after_server_create() { namespace: "ns-0".to_string(), gkn: GroupKindName { name: "route-foo".into(), - kind: k8s_gateway_api::TcpRoute::kind(&()), - group: k8s_gateway_api::TcpRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), + group: gateway::TCPRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -546,7 +611,9 @@ fn route_accepted_after_server_create() { "False", "NoMatchingParent", ); - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the TLSRoute is not accepted because the @@ -562,14 +629,16 @@ fn route_accepted_after_server_create() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http2), + Some(policy::server::ProxyProtocol::Http2), ); index.write().apply(server); // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TCPRoute is accepted because the @@ -601,12 +670,12 @@ fn route_accepted_after_egress_network_create() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -622,13 +691,22 @@ fn route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = no_matching_parent(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the TCPRoute is not accepted because the @@ -643,13 +721,22 @@ fn route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = accepted(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TCPRoute is accepted because the @@ -683,7 +770,7 @@ fn route_rejected_after_server_delete() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http2), + Some(policy::server::ProxyProtocol::Http2), ); index.write().apply(server); @@ -695,11 +782,11 @@ fn route_rejected_after_server_delete() { namespace: "ns-0".to_string(), gkn: GroupKindName { name: "route-foo".into(), - kind: k8s_gateway_api::TcpRoute::kind(&()), - group: k8s_gateway_api::TcpRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), + group: gateway::TCPRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -715,7 +802,9 @@ fn route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TCPRoute is accepted because the @@ -726,7 +815,7 @@ fn route_rejected_after_server_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "srv-8080".to_string(), @@ -736,7 +825,9 @@ fn route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status("ns-0", "srv-8080", "Accepted", "False", "NoMatchingParent"); - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the TCPRoute is not accepted because the @@ -774,12 +865,12 @@ fn route_rejected_after_egress_network_delete() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: gateway::TCPRoute::group(&()), + kind: gateway::TCPRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::TCPRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -795,13 +886,22 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TCPRoute is accepted because the @@ -812,7 +912,7 @@ fn route_rejected_after_egress_network_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "egress".to_string(), @@ -821,13 +921,22 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let rejected_condition = no_matching_parent(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TCPRouteStatusParents { + parent_ref: gateway::TCPRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![rejected_condition, backend_condition.clone()], + conditions: Some(vec![rejected_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TCPRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the TCPRoute is not accepted because the @@ -840,32 +949,23 @@ fn route_rejected_after_egress_network_delete() { fn make_route( id: &NamespaceGroupKindName, - parent: k8s_gateway_api::ParentReference, - backends: Vec, -) -> k8s_gateway_api::TcpRoute { - k8s_gateway_api::TcpRoute { + parent: gateway::TCPRouteParentRefs, + backends: Vec, +) -> gateway::TCPRoute { + gateway::TCPRoute { status: None, - metadata: k8s_core_api::ObjectMeta { + metadata: k8s::ObjectMeta { name: Some(id.gkn.name.to_string()), namespace: Some(id.namespace.clone()), - creation_timestamp: Some(k8s_core_api::Time(Utc::now())), + creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: k8s_gateway_api::TcpRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent]), - }, - rules: vec![k8s_gateway_api::TcpRouteRule { - backend_refs: backends, + spec: gateway::TCPRouteSpec { + parent_refs: Some(vec![parent]), + rules: vec![gateway::TCPRouteRules { + name: None, + backend_refs: Some(backends), }], }, } } - -fn make_status( - parents: Vec, -) -> k8s_gateway_api::TcpRouteStatus { - k8s_gateway_api::TcpRouteStatus { - inner: k8s_gateway_api::RouteStatus { parents }, - } -} diff --git a/policy-controller/k8s/status/src/tests/routes/tls.rs b/policy-controller/k8s/status/src/tests/routes/tls.rs index d5d2148084cc2..3321ccbd12799 100644 --- a/policy-controller/k8s/status/src/tests/routes/tls.rs +++ b/policy-controller/k8s/status/src/tests/routes/tls.rs @@ -1,4 +1,3 @@ -use super::make_parent_status; use crate::{ index::{ accepted, backend_not_found, invalid_backend_kind, no_matching_parent, resolved_refs, @@ -12,12 +11,40 @@ use chrono::{DateTime, Utc}; use kubert::index::IndexNamespacedResource; use linkerd_policy_controller_core::{routes::GroupKindName, POLICY_CONTROLLER_NAME}; use linkerd_policy_controller_k8s_api::{ - self as k8s_core_api, gateway as k8s_gateway_api, policy as linkerd_k8s_api, Resource, - ResourceExt, + self as k8s, gateway::tlsroutes as gateway, policy, Resource, ResourceExt, }; use std::{sync::Arc, vec}; use tokio::sync::{mpsc, watch}; +pub(crate) fn make_parent_status( + namespace: impl ToString, + name: impl ToString, + type_: impl ToString, + status: impl ToString, + reason: impl ToString, +) -> gateway::TLSRouteStatusParents { + let condition = k8s::Condition { + message: "".to_string(), + type_: type_.to_string(), + observed_generation: None, + reason: reason.to_string(), + status: status.to_string(), + last_transition_time: k8s::Time(DateTime::::MIN_UTC), + }; + gateway::TLSRouteStatusParents { + conditions: Some(vec![condition]), + parent_ref: gateway::TLSRouteStatusParentsParentRef { + port: None, + section_name: None, + name: name.to_string(), + kind: Some("Server".to_string()), + namespace: Some(namespace.to_string()), + group: Some(POLICY_API_GROUP.to_string()), + }, + controller_name: POLICY_CONTROLLER_NAME.to_string(), + } +} + #[test] fn route_with_valid_service_backends() { let hostname = "test"; @@ -48,7 +75,7 @@ fn route_with_valid_service_backends() { index.write().apply(backend2.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -59,8 +86,8 @@ fn route_with_valid_service_backends() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; @@ -68,24 +95,20 @@ fn route_with_valid_service_backends() { &id, parent.clone(), vec![ - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend1.name_unchecked(), - namespace: backend1.namespace(), - port: Some(8080), - }, + gateway::TLSRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend1.name_unchecked(), + namespace: backend1.namespace(), + port: Some(8080), weight: None, }, - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend2.name_unchecked(), - namespace: backend2.namespace(), - port: Some(8080), - }, + gateway::TLSRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend2.name_unchecked(), + namespace: backend2.namespace(), + port: Some(8080), weight: None, }, ], @@ -96,12 +119,21 @@ fn route_with_valid_service_backends() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -132,7 +164,7 @@ fn route_with_valid_egress_network_backend() { index.write().apply(parent.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -143,22 +175,20 @@ fn route_with_valid_egress_network_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: parent.name.clone(), - namespace: parent.namespace.clone(), - port: Some(8080), - }, + vec![gateway::TLSRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: Some(8080), weight: None, }], ); @@ -168,12 +198,21 @@ fn route_with_valid_egress_network_backend() { let accepted_condition = accepted(); // All backends exist and can be resolved. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -208,7 +247,7 @@ fn route_with_invalid_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -219,8 +258,8 @@ fn route_with_invalid_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; @@ -228,24 +267,20 @@ fn route_with_invalid_service_backend() { &id, parent.clone(), vec![ - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + gateway::TLSRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }, - k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: "nonexistant-backend".to_string(), - namespace: backend.namespace(), - port: Some(8080), - }, + gateway::TLSRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: "nonexistant-backend".to_string(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }, ], @@ -256,12 +291,21 @@ fn route_with_invalid_service_backend() { let accepted_condition = accepted(); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -296,7 +340,7 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -307,22 +351,20 @@ fn route_with_egress_network_backend_different_from_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + vec![gateway::TLSRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }], ); @@ -333,12 +375,21 @@ fn route_with_egress_network_backend_different_from_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -373,7 +424,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -384,22 +435,20 @@ fn route_with_egress_network_backend_and_service_parent() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("policy.linkerd.io".to_string()), - kind: Some("EgressNetwork".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + vec![gateway::TLSRouteRulesBackendRefs { + group: Some("policy.linkerd.io".to_string()), + kind: Some("EgressNetwork".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }], ); @@ -410,12 +459,21 @@ fn route_with_egress_network_backend_and_service_parent() { let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -450,7 +508,7 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(backend.clone()); // Apply the route. - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -461,22 +519,20 @@ fn route_with_egress_network_parent_and_service_backend() { let id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; let route = make_route( &id, parent.clone(), - vec![k8s_gateway_api::BackendRef { - inner: k8s_gateway_api::BackendObjectReference { - group: Some("core".to_string()), - kind: Some("Service".to_string()), - name: backend.name_unchecked(), - namespace: backend.namespace(), - port: Some(8080), - }, + vec![gateway::TLSRouteRulesBackendRefs { + group: Some("core".to_string()), + kind: Some("Service".to_string()), + name: backend.name_unchecked(), + namespace: backend.namespace(), + port: Some(8080), weight: None, }], ); @@ -485,12 +541,21 @@ fn route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); @@ -521,11 +586,11 @@ fn route_accepted_after_server_create() { namespace: "ns-0".to_string(), gkn: GroupKindName { name: "route-foo".into(), - kind: k8s_gateway_api::TlsRoute::kind(&()), - group: k8s_gateway_api::TlsRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), + group: gateway::TLSRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -546,7 +611,9 @@ fn route_accepted_after_server_create() { "False", "NoMatchingParent", ); - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the TLSRoute is not accepted because the @@ -562,14 +629,16 @@ fn route_accepted_after_server_create() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http2), + Some(policy::server::ProxyProtocol::Http2), ); index.write().apply(server); // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TCPRoute is accepted because the @@ -601,12 +670,12 @@ fn route_accepted_after_egress_network_create() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -622,13 +691,22 @@ fn route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = no_matching_parent(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The first update will be that the TLSRoute is not accepted because the @@ -643,13 +721,22 @@ fn route_accepted_after_egress_network_create() { // Create the expected update. let accepted_condition = accepted(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent, + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group, + kind: parent.kind, + name: parent.name, + namespace: parent.namespace, + port: parent.port, + section_name: parent.section_name, + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition], + conditions: Some(vec![accepted_condition, backend_condition]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TLSRoute is accepted because the @@ -683,7 +770,7 @@ fn route_rejected_after_server_delete() { 8080, Some(("app", "app-0")), Some(("app", "app-0")), - Some(linkerd_k8s_api::server::ProxyProtocol::Http2), + Some(policy::server::ProxyProtocol::Http2), ); index.write().apply(server); @@ -695,11 +782,11 @@ fn route_rejected_after_server_delete() { namespace: "ns-0".to_string(), gkn: GroupKindName { name: "route-foo".into(), - kind: k8s_gateway_api::TlsRoute::kind(&()), - group: k8s_gateway_api::TlsRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), + group: gateway::TLSRoute::group(&()), }, }; - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("Server".to_string()), namespace: None, @@ -715,7 +802,9 @@ fn route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status(&id.namespace, "srv-8080", "Accepted", "True", "Accepted"); - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TLSRoutes is accepted because the @@ -726,7 +815,7 @@ fn route_rejected_after_server_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "srv-8080".to_string(), @@ -736,7 +825,9 @@ fn route_rejected_after_server_delete() { // Create the expected update. let parent_status = make_parent_status("ns-0", "srv-8080", "Accepted", "False", "NoMatchingParent"); - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the TLSRoutes is not accepted because the @@ -774,12 +865,12 @@ fn route_rejected_after_egress_network_delete() { let id = NamespaceGroupKindName { namespace: "ns-0".to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "route-foo".into(), }, }; - let parent = linkerd_k8s_api::httproute::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some(POLICY_API_GROUP.to_string()), kind: Some("EgressNetwork".to_string()), namespace: Some("ns-0".to_string()), @@ -795,13 +886,22 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(); let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition, backend_condition.clone()], + conditions: Some(vec![accepted_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The second update will be that the TLSRoute is accepted because the @@ -812,7 +912,7 @@ fn route_rejected_after_egress_network_delete() { { let mut index = index.write(); - >::delete( + >::delete( &mut index, "ns-0".to_string(), "egress".to_string(), @@ -821,13 +921,22 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let rejected_condition = no_matching_parent(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![rejected_condition, backend_condition.clone()], + conditions: Some(vec![rejected_condition, backend_condition.clone()]), }; - let status = make_status(vec![parent_status]); + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], + }; let patch = crate::index::make_patch(&id, status).unwrap(); // The third update will be that the TLSRoute is not accepted because the @@ -859,7 +968,7 @@ fn service_route_type_conflict() { let parent = super::make_service("ns-0", "svc"); index.write().apply(parent.clone()); - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("core".to_string()), kind: Some("Service".to_string()), namespace: parent.namespace(), @@ -872,23 +981,28 @@ fn service_route_type_conflict() { let tcp_id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: k8s::gateway::tcproutes::TCPRoute::group(&()), + kind: k8s::gateway::tcproutes::TCPRoute::kind(&()), name: "tcproute-foo".into(), }, }; - let tcp_route = k8s_gateway_api::TcpRoute { + let tcp_route = k8s::gateway::tcproutes::TCPRoute { status: None, - metadata: k8s_core_api::ObjectMeta { + metadata: k8s::ObjectMeta { name: Some(tcp_id.gkn.name.to_string()), namespace: Some(tcp_id.namespace.clone()), - creation_timestamp: Some(k8s_core_api::Time(Utc::now())), + creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: k8s_gateway_api::TcpRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent.clone()]), - }, + spec: k8s::gateway::tcproutes::TCPRouteSpec { + parent_refs: Some(vec![k8s::gateway::tcproutes::TCPRouteParentRefs { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }]), rules: vec![], }, }; @@ -898,12 +1012,21 @@ fn service_route_type_conflict() { let accepted_condition = accepted(); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&tcp_id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); assert_eq!(tcp_id, update.id); @@ -913,8 +1036,8 @@ fn service_route_type_conflict() { let tls_id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "tlsroute-foo".into(), }, }; @@ -924,23 +1047,41 @@ fn service_route_type_conflict() { // Two expected updates: TCPRoute should be rejected and TLSRoute should be accepted for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); - if update.id.gkn.kind == k8s_gateway_api::TcpRoute::kind(&()) { + if update.id.gkn.kind == k8s::gateway::tcproutes::TCPRoute::kind(&()) { let conflict_condition = route_conflicted(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![conflict_condition, backend_condition.clone()], + conditions: Some(vec![conflict_condition, backend_condition.clone()]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&tcp_id, status).unwrap(); assert_eq!(patch, update.patch); } else { - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&tls_id, status).unwrap(); assert_eq!(patch, update.patch); } @@ -971,7 +1112,7 @@ fn egress_network_route_type_conflict() { let parent = super::make_egress_network("ns-0", "egress", accepted()); index.write().apply(parent.clone()); - let parent = k8s_gateway_api::ParentReference { + let parent = gateway::TLSRouteParentRefs { group: Some("policy.linkerd.io".to_string()), kind: Some("EgressNetwork".to_string()), namespace: parent.namespace(), @@ -984,23 +1125,28 @@ fn egress_network_route_type_conflict() { let tcp_id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TcpRoute::group(&()), - kind: k8s_gateway_api::TcpRoute::kind(&()), + group: k8s::gateway::tcproutes::TCPRoute::group(&()), + kind: k8s::gateway::tcproutes::TCPRoute::kind(&()), name: "tcproute-foo".into(), }, }; - let tcp_route = k8s_gateway_api::TcpRoute { + let tcp_route = k8s::gateway::tcproutes::TCPRoute { status: None, - metadata: k8s_core_api::ObjectMeta { + metadata: k8s::ObjectMeta { name: Some(tcp_id.gkn.name.to_string()), namespace: Some(tcp_id.namespace.clone()), - creation_timestamp: Some(k8s_core_api::Time(Utc::now())), + creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: k8s_gateway_api::TcpRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent.clone()]), - }, + spec: k8s::gateway::tcproutes::TCPRouteSpec { + parent_refs: Some(vec![k8s::gateway::tcproutes::TCPRouteParentRefs { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }]), rules: vec![], }, }; @@ -1010,12 +1156,21 @@ fn egress_network_route_type_conflict() { let accepted_condition = accepted(); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&tcp_id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); assert_eq!(tcp_id, update.id); @@ -1025,8 +1180,8 @@ fn egress_network_route_type_conflict() { let tls_id = NamespaceGroupKindName { namespace: parent.namespace.as_deref().unwrap().to_string(), gkn: GroupKindName { - group: k8s_gateway_api::TlsRoute::group(&()), - kind: k8s_gateway_api::TlsRoute::kind(&()), + group: gateway::TLSRoute::group(&()), + kind: gateway::TLSRoute::kind(&()), name: "tlsroute-foo".into(), }, }; @@ -1036,23 +1191,41 @@ fn egress_network_route_type_conflict() { // Two expected updates: TCP should be rejected and TLSRoute should be accepted for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); - if update.id.gkn.kind == k8s_gateway_api::TcpRoute::kind(&()) { + if update.id.gkn.kind == k8s::gateway::tcproutes::TCPRoute::kind(&()) { let conflict_condition = route_conflicted(); - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![conflict_condition, backend_condition.clone()], + conditions: Some(vec![conflict_condition, backend_condition.clone()]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&tcp_id, status).unwrap(); assert_eq!(patch, update.patch); } else { - let parent_status = k8s_gateway_api::RouteParentStatus { - parent_ref: parent.clone(), + let parent_status = gateway::TLSRouteStatusParents { + parent_ref: gateway::TLSRouteStatusParentsParentRef { + group: parent.group.clone(), + kind: parent.kind.clone(), + name: parent.name.clone(), + namespace: parent.namespace.clone(), + port: parent.port, + section_name: parent.section_name.clone(), + }, controller_name: POLICY_CONTROLLER_NAME.to_string(), - conditions: vec![accepted_condition.clone(), backend_condition.clone()], + conditions: Some(vec![accepted_condition.clone(), backend_condition.clone()]), + }; + let status = gateway::TLSRouteStatus { + parents: vec![parent_status], }; - let status = make_status(vec![parent_status]); let patch = crate::index::make_patch(&tls_id, status).unwrap(); assert_eq!(patch, update.patch); } @@ -1064,33 +1237,24 @@ fn egress_network_route_type_conflict() { fn make_route( id: &NamespaceGroupKindName, - parent: k8s_gateway_api::ParentReference, - backends: Vec, -) -> k8s_gateway_api::TlsRoute { - k8s_gateway_api::TlsRoute { + parent: gateway::TLSRouteParentRefs, + backends: Vec, +) -> gateway::TLSRoute { + gateway::TLSRoute { status: None, - metadata: k8s_core_api::ObjectMeta { + metadata: k8s::ObjectMeta { name: Some(id.gkn.name.to_string()), namespace: Some(id.namespace.clone()), - creation_timestamp: Some(k8s_core_api::Time(Utc::now())), + creation_timestamp: Some(k8s::Time(Utc::now())), ..Default::default() }, - spec: k8s_gateway_api::TlsRouteSpec { - inner: k8s_gateway_api::CommonRouteSpec { - parent_refs: Some(vec![parent]), - }, + spec: gateway::TLSRouteSpec { + parent_refs: Some(vec![parent]), hostnames: None, - rules: vec![k8s_gateway_api::TlsRouteRule { - backend_refs: backends, + rules: vec![gateway::TLSRouteRules { + name: None, + backend_refs: Some(backends), }], }, } } - -fn make_status( - parents: Vec, -) -> k8s_gateway_api::TlsRouteStatus { - k8s_gateway_api::TlsRouteStatus { - inner: k8s_gateway_api::RouteStatus { parents }, - } -} diff --git a/policy-controller/runtime/src/admission.rs b/policy-controller/runtime/src/admission.rs index f4455fd7cafeb..88397ed5fb35b 100644 --- a/policy-controller/runtime/src/admission.rs +++ b/policy-controller/runtime/src/admission.rs @@ -12,8 +12,7 @@ use http_body_util::BodyExt; use hyper::{http, Request, Response}; use k8s_openapi::api::core::v1::{Namespace, ServiceAccount}; use kube::{core::DynamicObject, Resource, ResourceExt}; -use linkerd_policy_controller_core as core; -use linkerd_policy_controller_k8s_api::gateway::{self as k8s_gateway_api, GrpcRoute}; +use linkerd_policy_controller_k8s_api::gateway; use linkerd_policy_controller_k8s_index::{self as index, outbound::index as outbound_index}; use serde::de::DeserializeOwned; use std::collections::BTreeMap; @@ -140,20 +139,28 @@ impl Admission { return self.admit_spec::(req).await; } - if is_kind::(&req) { - return self.admit_spec::(req).await; + if is_kind::(&req) { + return self + .admit_spec::(req) + .await; } - if is_kind::(&req) { - return self.admit_spec::(req).await; + if is_kind::(&req) { + return self + .admit_spec::(req) + .await; } - if is_kind::(&req) { - return self.admit_spec::(req).await; + if is_kind::(&req) { + return self + .admit_spec::(req) + .await; } - if is_kind::(&req) { - return self.admit_spec::(req).await; + if is_kind::(&req) { + return self + .admit_spec::(req) + .await; } if is_kind::(&req) { @@ -241,7 +248,7 @@ fn validate_policy_target(ns: &str, tgt: &LocalTargetRef) -> Result<()> { return Ok(()); } - if tgt.targets_kind::() { + if tgt.targets_kind::() { return Ok(()); } @@ -540,31 +547,8 @@ impl Validate for Admission { } } -use index::routes::http as http_route; - -fn validate_match( - httproute::HttpRouteMatch { - path, - headers, - query_params, - method, - }: httproute::HttpRouteMatch, -) -> Result<()> { - let _ = path.map(index::routes::http::path_match).transpose()?; - let _ = method - .as_deref() - .map(core::routes::Method::try_from) - .transpose()?; - - for q in query_params.into_iter().flatten() { - index::routes::http::query_param_match(q)?; - } - - for h in headers.into_iter().flatten() { - index::routes::http::header_match(h)?; - } - - Ok(()) +fn validate_match(httproute_rules_match: gateway::httproutes::HTTPRouteRulesMatches) -> Result<()> { + index::routes::http::try_match(httproute_rules_match).map(|_| ()) } #[async_trait::async_trait] @@ -576,30 +560,32 @@ impl Validate for Admission { annotations: &BTreeMap, spec: HttpRouteSpec, ) -> Result<()> { - for parent in spec.inner.parent_refs.iter().flatten() { - validate_parent_ref_port_requirements(parent)?; + for parent in spec.parent_refs.iter().flatten() { + if outbound_index::is_parent_egress_network(&parent.kind, &parent.group) + && parent.port.is_none() + { + bail!("cannot target an EgressNetwork without specifying a port"); + } } - if spec - .inner - .parent_refs - .iter() - .flatten() - .any(outbound_index::is_parent_service_or_egress_network) - { - index::outbound::index::http::parse_http_retry(annotations)?; - index::outbound::index::parse_accrual_config(annotations)?; - index::outbound::index::parse_timeouts(annotations)?; + if spec.parent_refs.iter().flatten().any(|parent| { + outbound_index::is_parent_service_or_egress_network(&parent.kind, &parent.group) + }) { + outbound_index::http::parse_http_retry(annotations)?; + outbound_index::parse_accrual_config(annotations)?; + outbound_index::parse_timeouts(annotations)?; } fn validate_filter(filter: httproute::HttpRouteFilter) -> Result<()> { match filter { httproute::HttpRouteFilter::RequestHeaderModifier { request_header_modifier, - } => index::routes::http::header_modifier(request_header_modifier).map(|_| ()), + } => index::routes::http::request_header_modifier(request_header_modifier) + .map(|_| ()), httproute::HttpRouteFilter::ResponseHeaderModifier { response_header_modifier, - } => index::routes::http::header_modifier(response_header_modifier).map(|_| ()), + } => index::routes::http::response_header_modifier(response_header_modifier) + .map(|_| ()), httproute::HttpRouteFilter::RequestRedirect { request_redirect } => { index::routes::http::req_redirect(request_redirect).map(|_| ()) } @@ -657,7 +643,25 @@ impl Validate for Admission { } } -fn validate_backend_if_service(br: &k8s_gateway_api::BackendObjectReference) -> Result<()> { +fn validate_http_backend_if_service( + br: &gateway::httproutes::HTTPRouteRulesBackendRefs, +) -> Result<()> { + let is_service = matches!(br.group.as_deref(), Some("core") | Some("") | None) + && matches!(br.kind.as_deref(), Some("Service") | None); + + // If the backend reference is a Service, it must have a port. If it is not + // a Service, then we have to admit it for interoperability with other + // controllers. + if is_service && matches!(br.port, None | Some(0)) { + bail!("cannot reference a Service without a port"); + } + + Ok(()) +} + +fn validate_grpc_backend_if_service( + br: &gateway::grpcroutes::GRPCRouteRulesBackendRefs, +) -> Result<()> { let is_service = matches!(br.group.as_deref(), Some("core") | Some("") | None) && matches!(br.kind.as_deref(), Some("Service") | None); @@ -672,55 +676,52 @@ fn validate_backend_if_service(br: &k8s_gateway_api::BackendObjectReference) -> } #[async_trait::async_trait] -impl Validate for Admission { +impl Validate for Admission { async fn validate( self, _ns: &str, _name: &str, annotations: &BTreeMap, - spec: k8s_gateway_api::HttpRouteSpec, + spec: gateway::httproutes::HTTPRouteSpec, ) -> Result<()> { - for parent in spec.inner.parent_refs.iter().flatten() { - validate_parent_ref_port_requirements(parent)?; + for parent in spec.parent_refs.iter().flatten() { + if outbound_index::is_parent_egress_network(&parent.kind, &parent.group) + && parent.port.is_none() + { + bail!("cannot target an EgressNetwork without specifying a port"); + } } - if spec - .inner - .parent_refs - .iter() - .flatten() - .any(outbound_index::is_parent_service_or_egress_network) - { + if spec.parent_refs.iter().flatten().any(|parent| { + outbound_index::is_parent_service_or_egress_network(&parent.kind, &parent.group) + }) { outbound_index::http::parse_http_retry(annotations)?; outbound_index::parse_accrual_config(annotations)?; outbound_index::parse_timeouts(annotations)?; } - fn validate_filter(filter: k8s_gateway_api::HttpRouteFilter) -> Result<()> { - match filter { - k8s_gateway_api::HttpRouteFilter::RequestHeaderModifier { - request_header_modifier, - } => index::routes::http::header_modifier(request_header_modifier).map(|_| ()), - k8s_gateway_api::HttpRouteFilter::ResponseHeaderModifier { - response_header_modifier, - } => index::routes::http::header_modifier(response_header_modifier).map(|_| ()), - k8s_gateway_api::HttpRouteFilter::RequestRedirect { request_redirect } => { - index::routes::http::req_redirect(request_redirect).map(|_| ()) - } - k8s_gateway_api::HttpRouteFilter::RequestMirror { .. } => Ok(()), - k8s_gateway_api::HttpRouteFilter::URLRewrite { .. } => Ok(()), - k8s_gateway_api::HttpRouteFilter::ExtensionRef { .. } => Ok(()), + fn validate_filter(filter: gateway::httproutes::HTTPRouteRulesFilters) -> Result<()> { + if let Some(request_header_modifier) = filter.request_header_modifier { + index::routes::http::request_header_modifier(request_header_modifier)?; + } + if let Some(response_header_modifier) = filter.response_header_modifier { + index::routes::http::response_header_modifier(response_header_modifier)?; } + if let Some(request_redirect) = filter.request_redirect { + index::routes::http::req_redirect(request_redirect)?; + } + Ok(()) } // Validate the rules in this spec. // This is essentially equivalent to the indexer's conversion function // from `HttpRouteSpec` to `InboundRouteBinding`, except that we don't // actually allocate stuff in order to return an `InboundRouteBinding`. - for k8s_gateway_api::HttpRouteRule { + for gateway::httproutes::HTTPRouteRules { filters, matches, backend_refs, + .. } in spec.rules.into_iter().flatten() { for m in matches.into_iter().flatten() { @@ -731,12 +732,8 @@ impl Validate for Admission { validate_filter(f)?; } - for br in backend_refs - .iter() - .flatten() - .filter_map(|br| br.backend_ref.as_ref()) - { - validate_backend_if_service(&br.inner).context("invalid backendRef")?; + for br in backend_refs.iter().flatten() { + validate_http_backend_if_service(br).context("invalid backendRef")?; } } @@ -745,79 +742,54 @@ impl Validate for Admission { } #[async_trait::async_trait] -impl Validate for Admission { +impl Validate for Admission { async fn validate( self, _ns: &str, _name: &str, annotations: &BTreeMap, - spec: k8s_gateway_api::GrpcRouteSpec, + spec: gateway::grpcroutes::GRPCRouteSpec, ) -> Result<()> { - for parent in spec.inner.parent_refs.iter().flatten() { - validate_parent_ref_port_requirements(parent)?; + for parent in spec.parent_refs.iter().flatten() { + if outbound_index::is_parent_egress_network(&parent.kind, &parent.group) + && parent.port.is_none() + { + bail!("cannot target an EgressNetwork without specifying a port"); + } } - if spec - .inner - .parent_refs - .iter() - .flatten() - .any(outbound_index::is_parent_service_or_egress_network) - { + if spec.parent_refs.iter().flatten().any(|parent| { + outbound_index::is_parent_service_or_egress_network(&parent.kind, &parent.group) + }) { outbound_index::grpc::parse_grpc_retry(annotations)?; outbound_index::parse_accrual_config(annotations)?; outbound_index::parse_timeouts(annotations)?; } - fn validate_filter(filter: k8s_gateway_api::GrpcRouteFilter) -> Result<()> { - match filter { - k8s_gateway_api::GrpcRouteFilter::RequestHeaderModifier { - request_header_modifier, - } => http_route::header_modifier(request_header_modifier).map(|_| ()), - k8s_gateway_api::GrpcRouteFilter::ResponseHeaderModifier { - response_header_modifier, - } => http_route::header_modifier(response_header_modifier).map(|_| ()), - k8s_gateway_api::GrpcRouteFilter::RequestMirror { .. } => Ok(()), - k8s_gateway_api::GrpcRouteFilter::ExtensionRef { .. } => Ok(()), - } - } - - fn validate_match_rule( - k8s_gateway_api::GrpcRouteMatch { method, headers }: k8s_gateway_api::GrpcRouteMatch, - ) -> Result<()> { - if let Some(method_match) = method { - let (method_name, service_name) = match method_match { - k8s_gateway_api::GrpcMethodMatch::Exact { method, service } => { - (method, service) - } - k8s_gateway_api::GrpcMethodMatch::RegularExpression { method, service } => { - (method, service) - } - }; - - if method_name.as_deref().map(str::is_empty).unwrap_or(true) - && service_name.as_deref().map(str::is_empty).unwrap_or(true) - { - bail!("at least one of GrpcMethodMatch.Service and GrpcMethodMatch.Method MUST be a non-empty string") - } + fn validate_filter(filter: gateway::grpcroutes::GRPCRouteRulesFilters) -> Result<()> { + if let Some(request_header_modifier) = filter.request_header_modifier { + index::routes::grpc::request_header_modifier(request_header_modifier)?; } - - for rule in headers.into_iter().flatten() { - http_route::header_match(rule)?; + if let Some(response_header_modifier) = filter.response_header_modifier { + index::routes::grpc::response_header_modifier(response_header_modifier)?; } - Ok(()) } + fn validate_match_rule(matches: gateway::grpcroutes::GRPCRouteRulesMatches) -> Result<()> { + index::routes::grpc::try_match(matches).map(|_| ()) + } + // Validate the rules in this spec. // This is essentially just a check to ensure that none // of the rules are improperly constructed (e.g. include // a `GrpcMethodMatch` rule where neither `method.method` // nor `method.service` actually contain a value) - for k8s_gateway_api::GrpcRouteRule { + for gateway::grpcroutes::GRPCRouteRules { filters, matches, backend_refs, + .. } in spec.rules.into_iter().flatten() { for rule in matches.into_iter().flatten() { @@ -829,7 +801,7 @@ impl Validate for Admission { } for br in backend_refs.iter().flatten() { - validate_backend_if_service(&br.inner).context("invalid backendRef")?; + validate_grpc_backend_if_service(br).context("invalid backendRef")?; } } @@ -838,16 +810,20 @@ impl Validate for Admission { } #[async_trait::async_trait] -impl Validate for Admission { +impl Validate for Admission { async fn validate( self, _ns: &str, _name: &str, _annotations: &BTreeMap, - spec: k8s_gateway_api::TlsRouteSpec, + spec: gateway::tlsroutes::TLSRouteSpec, ) -> Result<()> { - for parent in spec.inner.parent_refs.iter().flatten() { - validate_parent_ref_port_requirements(parent)?; + for parent in spec.parent_refs.iter().flatten() { + if outbound_index::is_parent_egress_network(&parent.kind, &parent.group) + && parent.port.is_none() + { + bail!("cannot target an EgressNetwork without specifying a port"); + } } if spec.rules.len() != 1 { @@ -859,16 +835,20 @@ impl Validate for Admission { } #[async_trait::async_trait] -impl Validate for Admission { +impl Validate for Admission { async fn validate( self, _ns: &str, _name: &str, _annotations: &BTreeMap, - spec: k8s_gateway_api::TcpRouteSpec, + spec: gateway::tcproutes::TCPRouteSpec, ) -> Result<()> { - for parent in spec.inner.parent_refs.iter().flatten() { - validate_parent_ref_port_requirements(parent)?; + for parent in spec.parent_refs.iter().flatten() { + if outbound_index::is_parent_egress_network(&parent.kind, &parent.group) + && parent.port.is_none() + { + bail!("cannot target an EgressNetwork without specifying a port"); + } } if spec.rules.len() != 1 { @@ -879,14 +859,6 @@ impl Validate for Admission { } } -fn validate_parent_ref_port_requirements(parent: &k8s_gateway_api::ParentReference) -> Result<()> { - if index::outbound::index::is_parent_egress_network(parent) && parent.port.is_none() { - bail!("cannot target an EgressNetwork without specifying a port"); - } - - Ok(()) -} - #[async_trait::async_trait] impl Validate for Admission { async fn validate( diff --git a/policy-controller/runtime/src/args.rs b/policy-controller/runtime/src/args.rs index 6c177bb87b418..466d5647096ba 100644 --- a/policy-controller/runtime/src/args.rs +++ b/policy-controller/runtime/src/args.rs @@ -4,7 +4,7 @@ use crate::{ grpc, index::{self, ports::parse_portset, ClusterInfo, DefaultPolicy}, index_list::IndexList, - k8s::{self, gateway as k8s_gateway_api}, + k8s::{self, gateway}, status, InboundDiscover, OutboundDiscover, }; use anyhow::{bail, Result}; @@ -288,9 +288,9 @@ impl Args { ); } - if api_resource_exists::(&runtime.client()).await { + if api_resource_exists::(&runtime.client()).await { let gateway_http_routes = - runtime.watch_all::(watcher::Config::default()); + runtime.watch_all::(watcher::Config::default()); tokio::spawn( kubert::index::namespaced(http_routes_indexes, gateway_http_routes) .instrument(info_span!("httproutes.gateway.networking.k8s.io")), @@ -301,9 +301,9 @@ impl Args { ); } - if api_resource_exists::(&runtime.client()).await { + if api_resource_exists::(&runtime.client()).await { let gateway_grpc_routes = - runtime.watch_all::(watcher::Config::default()); + runtime.watch_all::(watcher::Config::default()); let gateway_grpc_routes_indexes = IndexList::new(outbound_index.clone()) .push(inbound_index.clone()) .push(status_index.clone()) @@ -318,9 +318,9 @@ impl Args { ); } - if api_resource_exists::(&runtime.client()).await { + if api_resource_exists::(&runtime.client()).await { let tls_routes = - runtime.watch_all::(watcher::Config::default()); + runtime.watch_all::(watcher::Config::default()); let tls_routes_indexes = IndexList::new(status_index.clone()) .push(outbound_index.clone()) .shared(); @@ -334,9 +334,9 @@ impl Args { ); } - if api_resource_exists::(&runtime.client()).await { + if api_resource_exists::(&runtime.client()).await { let tcp_routes = - runtime.watch_all::(watcher::Config::default()); + runtime.watch_all::(watcher::Config::default()); let tcp_routes_indexes = IndexList::new(status_index.clone()) .push(outbound_index.clone()) .shared();